It's difficult to tell from the sloppy formatting of your email, but most likely you have white space in your slave's slapd.conf where it does not belong, and are missing white space where it does belong. Please read the slapd.conf(5) manpage again and pay attention to the rules for white space in this file.

Sandeep A.S wrote:

The slave ACLs are in the wrong order, so there is no way to Bind because nobody can access the userPassword attribute.


 Thanks a lot for your help.
Now the Invalid credentials error is gone. (I created one dn: uid=Replicator,dc=nc,dc=com in the master and slapcat'ed it to the slave.)
 I also changed the ACLs as below:

 In Master:
access to attrs=userPassword
       by dn="uid=Replicator,dc=nc,dc=com"  write
       by self write
       by * auth
access to *
       by dn="uid=Replicator,dc=nc,dc=com"  write
       by self write
       by * read
And         replica uri=ldap://192.168.128.248:6666
        suffix="dc=nc,dc=com"
         binddn="uid=Replicator,dc=nc,dc=com"
         bindmethod=simple credentials=secret

In Slave:(Same as Master)
       access to attrs=userPassword
       by self write
       by dn="uid=Replicator,dc=nc,dc=com"  write
       by * auth
       access to *
       by dn="uid=Replicator,dc=nc,dc=com"  write
       by self write
       by * read

      updatedn       "uid=Replicator,dc=nc,dc=com"

In Master, slurpd -d 256 gives the following (when I try to delete DN "uid=flexlm,ou=People,dc=sca,dc=nc,dc=com" in Master):
Error: ldap_delete_s failed deleting DN "uid=flexlm,ou=People,dc=sca,dc=nc,dc=com": no write access to parent
Error: ldap operation failed, data written to "/usr/local/var/openldap-slurp/replica/192.168.128.248:6666.rej"
And in the slave, slapd -d 256 gives:
conn=1 fd=11 ACCEPT from IP=192.168.128.238:34313 (IP=192.168.128.248:6666)
      conn=1 op=0 BIND dn="uid=Replicator,dc=nc,dc=com" method=128
      conn=1 op=0 BIND dn="uid=Replicator,dc=nc,dc=com" mech=SIMPLE ssf=0
      conn=1 op=0 RESULT tag=97 err=0 text=
      conn=1 op=1 DEL dn="uid=flexlm,ou=People,dc=sca,dc=nc,dc=com"
      conn=1 op=1 RESULT tag=107 err=50 text=no write access to parent
   I assume some ACL issue, but I am helpless to find it out.
  Requesting your help.

 Thanks
 Sandeep

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/
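
Added example (not part of the original email and not OpenLDAP code): a small Python lint for the white-space rule in slapd.conf(5) that the reply above refers to, where a line beginning with white space continues the previous line. The sample is the slave fragment as quoted in the email (its indentation may not match the real file), with an assumed `suffix` line in front of it; the `TOP_LEVEL` keyword set is a partial list chosen for this thread.

```python
# Rule from slapd.conf(5): a line that begins with white space continues the previous line.

# Directives that must start in column 0 (assumed subset for this thread; not exhaustive).
TOP_LEVEL = {"access", "updatedn", "updateref", "replica", "database", "suffix", "rootdn"}

# Constructed sample: the slave fragment as quoted in the email. The "suffix"
# line is an assumption, added so the fragment has a preceding directive.
SLAVE_CONF = (
    'suffix "dc=nc,dc=com"\n'
    '       access to attrs=userPassword\n'
    '       by self write\n'
    '       by dn="uid=Replicator,dc=nc,dc=com"  write\n'
    '       by * auth\n'
    '       access to *\n'
    '       by dn="uid=Replicator,dc=nc,dc=com"  write\n'
    '       by self write\n'
    '       by * read\n'
    '      updatedn       "uid=Replicator,dc=nc,dc=com"\n'
)

def logical_lines(text):
    """Join continuation lines into logical lines (blank lines skipped, comments kept)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()   # indented: glued onto the previous line
        else:
            out.append(raw.strip())        # column 0: starts a new directive
    return out

def lint(text):
    """Return (line_number, message) for misplaced or missing leading white space."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        word = raw.split()[0].lower()
        indented = raw[0] in " \t"
        if indented and word in TOP_LEVEL:
            findings.append((n, f"'{word}' is indented: parsed as part of the previous line"))
        elif not indented and word == "by":
            findings.append((n, "'by' starts in column 0: not attached to its access directive"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(SLAVE_CONF):
        print(f"line {n}: {msg}")
```

On this sample the whole fragment collapses into a single logical line, so neither `access` directive nor `updatedn` is read as a directive of its own.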
